These represent the beginning of QualysGuard Vulnerability Management coverage for the VMware vSphere ESXi operating system, as well as the beginning of QualysGuard interactions with the vSphere Web Services SDK (SOAP) API, generally.

The checks for this batch of QIDs are executed via unauthenticated remote discovery against the vSphere Web Services SDK (SOAP) API on port 443, and they are made possible by the SOAP client module which we initially embedded into the QualysGuard scanners in February. Unauthenticated, remote discovery is sufficient for authoritatively pulling the ESXi build number from the vSphere API, and knowing the build number is sufficient for execution of a vulnerability check against ESXi.

Vulnerability Management checks against the other vSphere components (ESX, vCenter); Policy Compliance checks against vSphere components, and more involved integration work with the vSphere API will require authentication. This work is well underway, and you can expect to see a new authentication module in support of the vSphere SOAP API in the QualysGuard platform soon.